
Logitech IT system hit by zero-day cyberattack


Large peripherals company Logitech on Nov. 14 reported that it experienced a cyberattack in which an unauthorized attacker used a zero-day bug in a third-party platform and copied data from one of its internal IT systems.

The attack was reportedly claimed by Clop, which was behind all the Oracle E-Business Suite (EBS) attacks since last summer.

In Friday’s filing with the Securities and Exchange Commission, Logitech, which markets mice, keyboards, and webcams, said the data likely included limited information about employees and consumers and data relating to customers and suppliers.

Logitech said it does not believe any sensitive personal information such as national ID numbers or credit card information was housed in the impacted IT system.

Shane Barney, chief information security officer at Keeper Security, explained that cybercriminals are increasingly going after vendors and back-end systems, knowing that a single weak link can expose vast amounts of sensitive data across an entire ecosystem.

Barney added that the theft of nearly 1.8 terabytes of data in this latest attack against Logitech represents a clear reminder that the modern supply chain has become one of the most valuable targets for threat actors.

“When attackers compromise a trusted vendor, they gain a foothold that can be leveraged to reach multiple organizations at once,” said Barney. “These breaches often reveal internal network structures, credentials and partner relationships that can be weaponized for follow-on attacks. The consequences go far beyond one company — extending to customers, suppliers and anyone connected to the affected systems.”


As data theft and extortion replace traditional ransomware, Barney said organizations need to assume their third parties will be targeted and focus on minimizing impact when it happens. He said continuous monitoring, least-privilege access, and strong identity controls are critical to reducing the damage from a compromised partner environment.

“The Logitech incident highlights the fastest‑growing risk in enterprise security: unmanaged identities,” said Amir Khayat, co-founder and CEO at Vorlon. “Every integration, service account, and AI agent acts like an employee that never sleeps and rarely gets audited. Once those credentials leak, attackers can move through SaaS environments at machine speed. That’s exactly how Clop and similar groups operate today.”

Khayat said that when Logitech confirmed “unauthorized access to a small portion of data,” security leaders must ask themselves how many of their non‑human identities (NHIs) have access beyond what anyone realizes.

“You cannot defend what you do not know exists,” said Khayat. “Most companies still do not know how many machine identities are holding their keys.”
